General

  • Target

    37c8afc687419dfc68e7f63c28c0cbbc11ca34cfd32b095711f7a8818788931f.exe

  • Size

    879KB

  • Sample

    240727-lsyw5svdjf

  • MD5

    922aee056087550daf3f1f73afe27981

  • SHA1

    9343b922a98667a6ca1224ab67323f557e176de7

  • SHA256

    37c8afc687419dfc68e7f63c28c0cbbc11ca34cfd32b095711f7a8818788931f

  • SHA512

    747a358da2760c6720e4a4fc6633aeaa2de1929d17098373f4cd39949a57f87e5e5f802eae8922c6a197f17dfc83ba1fab70e772d78509ea3f80667df7ea6c7a

  • SSDEEP

    1536:eywzb8kIR7zHKR/sxXsX9jz9jEOCKDncxVvPeLuBT+V48I/0Is0NSRCtQnyuaXaZ:eyb1NKV4mwX/b6f8twq

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

bignight.net:3363

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-SIVP85

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      37c8afc687419dfc68e7f63c28c0cbbc11ca34cfd32b095711f7a8818788931f.exe

    • Size

      879KB

    • MD5

      922aee056087550daf3f1f73afe27981

    • SHA1

      9343b922a98667a6ca1224ab67323f557e176de7

    • SHA256

      37c8afc687419dfc68e7f63c28c0cbbc11ca34cfd32b095711f7a8818788931f

    • SHA512

      747a358da2760c6720e4a4fc6633aeaa2de1929d17098373f4cd39949a57f87e5e5f802eae8922c6a197f17dfc83ba1fab70e772d78509ea3f80667df7ea6c7a

    • SSDEEP

      1536:eywzb8kIR7zHKR/sxXsX9jz9jEOCKDncxVvPeLuBT+V48I/0Is0NSRCtQnyuaXaZ:eyb1NKV4mwX/b6f8twq

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks